Contents
Short answer: ciscoconfparse is a Python library that helps you quickly answer questions like these about your configurations:
- What interfaces are shutdown?
- Which interfaces are in trunk mode?
- What address and subnet mask is assigned to each interface?
- Which interfaces are missing a critical command?
- Is this configuration missing a standard config line?
It can help you:
- Audit existing router / switch / firewall / wlc configurations
- Modify existing configurations
- Build new configurations
Speaking generally, the library examines an IOS-style config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.
The following code will parse a configuration stored in 'exampleswitch.conf' and select interfaces that are shutdown.
from ciscoconfparse import CiscoConfParse
parse = CiscoConfParse('exampleswitch.conf', syntax='ios')
for intf_obj in parse.find_objects_w_child('^interface', '^\s+shutdown'):
print("Shutdown: " + intf_obj.text)The next example will find the IP address assigned to interfaces.
from ciscoconfparse import CiscoConfParse
parse = CiscoConfParse('exampleswitch.conf', syntax='ios')
for intf_obj in parse.find_objects('^interface'):
intf_name = intf_obj.re_match_typed('^interface\s+(\S.+?)$')
# Search children of all interfaces for a regex match and return
# the value matched in regex match group 1. If there is no match,
# return a default value: ''
intf_ip_addr = intf_obj.re_match_iter_typed(
r'ip\saddress\s(\d+\.\d+\.\d+\.\d+)\s', result_type=str,
group=1, default='')
print("{0}: {1}".format(intf_name, intf_ip_addr))Don't let that stop you.
As of CiscoConfParse 1.2.4, you can parse brace-delimited configurations into a Cisco IOS style (see Github Issue #17), which means that CiscoConfParse understands these configurations:
- Juniper Networks Junos
- Palo Alto Networks Firewall configurations
- F5 Networks configurations
CiscoConfParse also handles anything that has a Cisco IOS style of configuration, which includes:
- Cisco IOS, Cisco Nexus, Cisco IOS-XR, Cisco IOS-XE, Aironet OS, Cisco ASA, Cisco CatOS
- Arista EOS
- Brocade
- HP Switches
- Force 10 Switches
- Dell PowerConnect Switches
- Extreme Networks
- Enterasys
- Screenos
- The latest copy of the docs are archived on the web
- There is also a CiscoConfParse Tutorial
ciscoconfparse requires Python versions 2.7 or 3.5+ (note: version 3.7.0 has a bug - ref Github issue #117, but version 3.7.1 works); the OS should not matter.
You can install into Python2.x with pip:
pip install --upgrade ciscoconfparse
Use pip3 for Python3.x...
pip3 install --upgrade ciscoconfparse
If you don't want to use pip, you can install with easy_install:
easy_install -U ciscoconfparse
Otherwise download it from PyPi, extract it and run the setup.py script:
python setup.py install
If you're interested in the source, you can always pull from the github repo or bitbucket repo:
From github:
git clone git://github.com/mpenning/ciscoconfparse cd ciscoconfparse/ pip install .
- Dive into Python3 is a good way to learn Python
- Team CYMRU has a Secure IOS Template, which is especially useful for external-facing routers / switches
- Cisco's Guide to hardening IOS devices
- Center for Internet Security Benchmarks (An email address, cookies, and javascript are required)
- Please report any suggestions, bug reports, or annoyances with ciscoconfparse through the github bug tracker.
- If you're having problems with general python issues, consider searching for a solution on Stack Overflow. If you can't find a solution for your problem or need more help, you can ask a question.
- If you're having problems with your Cisco devices, you can open a case with Cisco TAC; if you prefer crowd-sourcing, you can ask on the Stack Exchange Network Engineering site.
Travis CI project tests ciscoconfparse on Python versions 2.7 through 3.8, as well as a pypy JIT executable.
Click the image below for details; the current build status is:
ciscoconfparse is licensed GPLv3; Copyright David Michael Pennington, 2007-2021.
ciscoconfparse is not affiliated with Cisco Systems in any way; the word "Cisco" is a registered trademark of Cisco Systems
ciscoconfparse was written by David Michael Pennington (mike [~at~] pennington [/dot] net).
Special thanks:
- Thanks to David Muir Sharnoff for his suggestion about making a special case for IOS banners.
- Thanks to Alan Cownie for his API suggestions.
- Thanks to CrackerJackMack for reporting Github Issue #13
- Soli Deo Gloria